AfterGlow

AfterGlow is a script that assists with the visualization of log data. It reads CSV files and converts them into a Graph description. Check out http://afterglow.sf.net for more information also.
This short presentation gives an overview of AfterGlow and outlines the features and capabilities of the tool. It discusses some of the harder to understand features by showing some configuration examples that can be used as a starting point for some more sophisticated setups.
AftterGlow is one the most downloaded security visualization tools with over 17,000 downloads.

13.
copyright (c) 2013pixlcloud | turning data into actionable insights
Advanced Configuration
• match() match("[0-9]")
- matches the current field and returns 0 or 1
• field() "red" if (field() eq "foo");
• subnet() subnet($fields[0],0.0.0.0/7)
- returns 0 or 1 depending on whether the value is in the given subnet
• regex_replace()
cluster.source=regex_replace("(d+.d+)")."/16"
if (!match("^(212.254.110|195.141.69)"))
- if one of the two ranges match(), then return the first two octets of the source IP and add the "/16" string.
• get_severity() color.source=get_severity($fields[2], 10)
- use a 10 step color range based on the third columns value